0      0

Cybersecurity Practices: Manage Your Threats and Protect Your Patients

Oct 24, 2019 11:00am ‐ Oct 24, 2019 12:30pm

Credits: None available.


In 2015, the United States Congress passed the Cybersecurity Act (CSA), and within this legislation is Section 405(d): Aligning Health Care Industry Security Approaches. As an approach to this requirement, in 2017 HHS convened the 405(d) Task Group leveraging the Healthcare and Public Health (HPH) Sector Critical Infrastructure Security and Resilience Public-Private Partnership. The Task Group’s charge was to develop a common set of voluntary, consensus-based, and industry-led guidelines, practices, methodologies, procedures, and processes that serve as a resource to meet three core goals: (1) Cost-effectively reduce cybersecurity risks for a range of health care organizations; (2) Support voluntary adoption and implementation; and (3) Ensure, on an ongoing basis, that content is actionable, practical, and relevant to health care stakeholders of every size and resource level. This presentation is an opportunity to discuss the importance of cybersecurity practices and raise awareness that cybersecurity should be treated as an enterprise issue, not just an IT issue. This session will provide information on how organizations can leverage Health Industry Cybersecurity Practices (HICP) to apply mitigating practices to the five main cybersecurity threats.


  • Julie Chua, Branch Chief, Risk Management HHS OIS, United States Health and Human Services
  • Erik Decker, Chief Information Security and Privacy Officer, The University of Chicago Medicine
  • Nicholas Heesters, JD, Health Information Privacy and Security Specialist, OCR, United States HHS, Office of Civil Rights
  • Lacy A. Knight, MD, MS, Chief Medical Information Executive, North Region, Northwestern Medicine


Credits: None available.

You must be logged in and own this session in order to post comments.